|
| 1 | +# TuxCare Radar |
| 2 | + |
| 3 | +This guide describes [TuxCare Radar](https://tuxcare.com/radar/) and how to install and use it. |
| 4 | + |
| 5 | +## What is TuxCare Radar? |
| 6 | + |
| 7 | +TuxCare Radar is an intelligent vulnerability scanner for Linux systems, fully integrated with TuxCare's live patching and ELS technologies. It swiftly uncovers vulnerabilities and ensures their effective prioritization using a unique algorithm that assesses the risk to your company based on a comprehensive set of risk factors. |
| 8 | + |
| 9 | +## Installation |
| 10 | + |
| 11 | +If you are not already a KernelCare or ePortal user, you will first need to install our repository configuration: |
| 12 | + |
| 13 | +RPM-based distributions (AlmaLinux, RHEL etc): |
| 14 | + |
| 15 | +```text |
| 16 | +cat > /etc/yum.repos.d/kernelcare.repo <<EOL |
| 17 | +[kernelcare] |
| 18 | +name=kernelcare |
| 19 | +baseurl=https://repo.cloudlinux.com/kernelcare/\$releasever/\$basearch |
| 20 | +enabled=1 |
| 21 | +gpgcheck=1 |
| 22 | +gpgkey=https://repo.cloudlinux.com/kernelcare/RPM-GPG-KEY-KernelCare |
| 23 | +EOL |
| 24 | +``` |
| 25 | + |
| 26 | +For APT-based distributions (Debian, Ubuntu etc): |
| 27 | + |
| 28 | +```text |
| 29 | +curl -s https://repo.cloudlinux.com/kernelcare/kernelcare.gpg -o /usr/share/keyrings/kcare.gpg |
| 30 | +
|
| 31 | +source /etc/os-release |
| 32 | +
|
| 33 | +if [ "$ID" = "debian" ]; then export VERSION_CODENAME=kcare; fi |
| 34 | +
|
| 35 | +printf '%s' \ |
| 36 | + "deb [signed-by=/usr/share/keyrings/kcare.gpg] " \ |
| 37 | + "https://repo.cloudlinux.com/kernelcare/kernelcare-$ID/$VERSION_ID " \ |
| 38 | + "$VERSION_CODENAME main" > /etc/apt/sources.list.d/kcare.list |
| 39 | +``` |
| 40 | + |
| 41 | +If you are already a KernelCare user or have followed the above repo instructions, you should be able to install Radar as simply as running one of the following: |
| 42 | + |
| 43 | +RPM-based distributions (AlmaLinux, RHEL etc): |
| 44 | + |
| 45 | +```text |
| 46 | +yum install tuxcare-radar |
| 47 | +``` |
| 48 | + |
| 49 | +For APT-based distributions (Debian, Ubuntu etc): |
| 50 | + |
| 51 | +```text |
| 52 | +apt-get install tuxcare-radar |
| 53 | +``` |
| 54 | + |
| 55 | +## Configuration |
| 56 | + |
| 57 | +You should have received your initial API key (something like `bc061b2b-c330-49f6-8953-849637d593ac`) along with your password. |
| 58 | + |
| 59 | +You will need to edit /etc/tuxcare-radar/radar.yaml on each server you wish to scan using Radar and insert your API key. In most instances we would recommend doing this via a centralised config-management tool such as Ansible or Puppet, but you could of course use `vim` or `sed` on the server itself, for example: |
| 60 | + |
| 61 | +```text |
| 62 | +sed -i 's/apikey:.*/apikey: bc061b2b-c330-49f6-8953-849637d593ac/' /etc/tuxcare-radar/radar.yaml |
| 63 | +``` |
| 64 | + |
| 65 | +By default the file will look like this, where `FILLME` should be replaced with your API key: |
| 66 | + |
| 67 | +```text |
| 68 | +base-url: https://radar.tuxcare.com |
| 69 | +logfile: /var/log/tuxcare-radar/radar.log |
| 70 | +statefile: /var/cache/tuxcare-radar/radar.json |
| 71 | +time-between-runs: 23h |
| 72 | +apikey: FILLME |
| 73 | +``` |
| 74 | + |
| 75 | +## Usage |
| 76 | + |
| 77 | +The installer should have created an /etc/cron.d/tuxcare-radar file that will run every 4th hour, it will check if a scan has been run in the last 23 hours (`time-between-runs` in radar.yaml) and if not, it will run a scan. |
| 78 | + |
| 79 | +If you need to manually run a scan instantly for any reason, you can run: |
| 80 | + |
| 81 | +```text |
| 82 | +su -s /bin/bash nobody -c "tuxcare-radar --config /etc/tuxcare-radar/radar.yaml" |
| 83 | +``` |
| 84 | + |
| 85 | +Then visit [https://radar.tuxcare.com](https://radar.tuxcare.com/) to view the results. |
| 86 | + |
0 commit comments